Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- APT34 hackers exposed in a highly targeted espionage campaign
May 12, 2022
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools. The attack involved advanced anti-detection and anti-analysis techniques and had some characteristics that indicate lengthy and careful preparation. Security researchers at Fortinet have gathered evidence and artifacts from the attack ...
- New IceApple exploit toolset deployed on Microsoft Exchange servers
May 11, 2022
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. IceApple is described as being “highly sophisticated,” its developer prioritizing keeping a low profile for long-term objectives in targeted attacks. The framework was discovered by the Falcon OverWatch team, CrowdStrike’s proactive threat hunting division, in ...
- Microsoft closes Windows LSA hole under active attack
May 11, 2022
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That’s seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code. After April’s astonishing 100-plus ...
- CISA: Protecting Against Cyber Threats to Managed Service Providers and their Customers
May 11, 2022
The cybersecurity authorities of the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA), (NSA), (FBI) are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue. This joint Cybersecurity Advisory (CSA) provides actions MSPs and ...
- Team of experts help Rutube to recover from the May 9 cyberattack
May 11, 2022
Rutube involved several expert teams, including a team of specialists from Positive Technologies security center, to deal with the aftermath of the May 9 cyberattack, the website said in its Telegram channel. “In order to investigate the attack and deal with its aftermath, several expert teams were involved, including a team of specialists from the Positive ...
- U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
May 10, 2022
CISA and the Federal Bureau of Investigation (FBI) have updated the joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with U.S. government attribution to Russian state-sponsored malicious cyber actors. The United States assesses Russia launched cyberattacks in late February against commercial satellite communications networks to disrupt Ukrainian ...

